src.conf.5: Update xref for SSP description

SSP is currently documented in migitations.7.

Fixes: 297bb39b6f0f ("mitigations.7: move SSP documentation from security.7 to here")
Reviewed by: kevans
S

src.conf.5: Update xref for SSP description

SSP is currently documented in migitations.7.

Fixes: 297bb39b6f0f ("mitigations.7: move SSP documentation from security.7 to here")
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48620

show more ...

Add a build knob for _FORTIFY_SOURCE

In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to eas

Add a build knob for _FORTIFY_SOURCE

In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.

include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.

Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308

show more ...

Update WITH_/WITHOUT_SSP descriptions

ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and new

Update WITH_/WITHOUT_SSP descriptions

ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and newer, so use a generic term in the src.conf
descriptions.

Sponsored by: The FreeBSD Foundation

show more ...

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

Drop 'Set to' from most src.conf(5) knobs

The description is clearly what effect the knob has when set, so the
additional text was unnecessary.

Reviewed by: jhb, se
Sponsored by: The FreeBSD Founda

Drop 'Set to' from most src.conf(5) knobs

The description is clearly what effect the knob has when set, so the
additional text was unnecessary.

Reviewed by: jhb, se
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29583

show more ...

src.conf.5: Update xref for SSP description

SSP is currently documented in migitations.7.

Fixes: 297bb39b6f0f ("mitigations.7: move SSP documentation from security.7 to here")
Reviewed by: kevans
S

src.conf.5: Update xref for SSP description

SSP is currently documented in migitations.7.

Fixes: 297bb39b6f0f ("mitigations.7: move SSP documentation from security.7 to here")
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48620

show more ...

Add a build knob for _FORTIFY_SOURCE

In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to eas

Add a build knob for _FORTIFY_SOURCE

In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.

include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.

Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308

show more ...

Update WITH_/WITHOUT_SSP descriptions

ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and new

Update WITH_/WITHOUT_SSP descriptions

ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and newer, so use a generic term in the src.conf
descriptions.

Sponsored by: The FreeBSD Foundation

show more ...

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

Drop 'Set to' from most src.conf(5) knobs

The description is clearly what effect the knob has when set, so the
additional text was unnecessary.

Reviewed by: jhb, se
Sponsored by: The FreeBSD Founda

Drop 'Set to' from most src.conf(5) knobs

The description is clearly what effect the knob has when set, so the
additional text was unnecessary.

Reviewed by: jhb, se
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29583

show more ...

Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You

Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by: Jeremie Le Hen <jeremie@le-hen.org>

show more ...

Introduce WITHOUT_SSP option that allows users to exclude LGPLed
libssp from the build.

src.conf.5: Update xref for SSP description

SSP is currently documented in migitations.7.

Fixes: 297bb39b6f0f ("mitigations.7: move SSP documentation from security.7 to here")
Reviewed by: kevans
S

src.conf.5: Update xref for SSP description

SSP is currently documented in migitations.7.

Fixes: 297bb39b6f0f ("mitigations.7: move SSP documentation from security.7 to here")
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48620

show more ...

Add a build knob for _FORTIFY_SOURCE

In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to eas

Add a build knob for _FORTIFY_SOURCE

In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.

include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.

Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308

show more ...

Update WITH_/WITHOUT_SSP descriptions

ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and new

Update WITH_/WITHOUT_SSP descriptions

ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and newer, so use a generic term in the src.conf
descriptions.

Sponsored by: The FreeBSD Foundation

show more ...

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

Drop 'Set to' from most src.conf(5) knobs

The description is clearly what effect the knob has when set, so the
additional text was unnecessary.

Reviewed by: jhb, se
Sponsored by: The FreeBSD Founda

Drop 'Set to' from most src.conf(5) knobs

The description is clearly what effect the knob has when set, so the
additional text was unnecessary.

Reviewed by: jhb, se
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29583

show more ...

Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You

Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by: Jeremie Le Hen <jeremie@le-hen.org>

show more ...

Introduce WITHOUT_SSP option that allows users to exclude LGPLed
libssp from the build.

Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You

Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by: Jeremie Le Hen <jeremie@le-hen.org>

show more ...

Introduce WITHOUT_SSP option that allows users to exclude LGPLed
libssp from the build.